From 92bb3e6ad6083b13213c4c3e71d0fbb6a7f83971 Mon Sep 17 00:00:00 2001
From: Derek Jones
Date: Fri, 30 May 2008 21:22:27 +0000
Subject: decided just to kill all on*= event handlers, rather than trying to keep up with (and require users to do the same) with a blacklist.

---
 system/libraries/Input.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/system/libraries/Input.php b/system/libraries/Input.php
index 5f066cc5e..b111108eb 100644
--- a/system/libraries/Input.php
+++ b/system/libraries/Input.php
@@ -757,7 +757,7 @@ class CI_Input {
 * but it's unlikely to be a problem.
 *
 */
- $event_handlers = array('onblur','onchange','onclick','ondblclick','onended','onerror','onfocus','onkeydown','onkeypress','onkeyup','onload','onmousedown','onmousemove','onmouseover','onmouseout','onmouseup','onresize','onselect','onsubmit','onunload','xmlns');
+ $event_handlers = array('xmlns');
 
 if ($is_image === TRUE)
 {
@@ -768,7 +768,7 @@ class CI_Input {
 unset($event_handlers[array_search('xmlns', $event_handlers)]);
 }
 
- $str = preg_replace("#<([^><]+)(".implode('|', $event_handlers).")(\s*=\s*[^><]*)([><]*)#i", "<\\1\\4", $str);
+ $str = preg_replace("#<([^><]+)((?=on\w*)|".implode('|', $event_handlers).")(\s*=\s*[^><]*)([><]*)#i", "<\\1\\4", $str);
 
 /*
 * Sanitize naughty HTML elements
-- 
cgit v1.2.3-24-g4f1b
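Review bot: The lookahead `(?=on\w*)` added to the preg_replace in the second hunk is zero-width, so that branch consumes nothing and the following group `(\s*=\s*[^><]*)` must then match an `=` at the `o` of the handler name, which never succeeds — as committed, the pattern still strips only `xmlns` and an `<a onclick=...>` passes through untouched, so the blacklist removal in the first hunk leaves every on* handler unfiltered. A consuming branch with a leading boundary character is what the subject line describes, e.g. `$event_handlers = array('[^a-z_\-]on\w*', 'xmlns');` in the first hunk together with the pre-change regex shape `"#<([^><]+)(".implode('|', $event_handlers).")(\s*=\s*[^><]*)([><]*)#i"` in the second; the boundary keeps the match from eating the tail of legitimate attributes such as `action=` or `data-on=`. Keeping the on* pattern inside the array also avoids a second problem in the new code: when `$is_image` unsets `xmlns` the array is empty, `implode` yields `''`, and the resulting empty alternative `((?=on\w*)|)` matches any `attr=value` on an image tag, stripping its last attribute value. The enclosing method starts and ends outside both hunks.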